Russian authorities reportedly arrest hacker behind Australia’s Medibank cyberattack

The arrest was made in January 2024.


Russian authorities, in collaboration with cybersecurity firm F.A.C.C.T., have detained members of the SugarLocker ransomware gang. The gang masqueraded as a legitimate IT firm, Shtazi-IT, while conducting its illicit activities.

One of the detained hackers operated under various aliases such as blade_runner, GistaveDore, GustaveDore, and JimJones, and is alleged to be Aleksandr Ermakov, who was previously implicated in the Medibank cyberattacks, which affected millions of Australians.

Researchers suggest that SugarLocker, in a departure from typical behaviour observed in Russian hacker groups, targeted businesses and organizations in Russia and the Commonwealth of Independent States (CIS). The arrests seem to be associated with these activities, and not with the cyberattack on Medibank.

Australian Federal Police said it was aware of reports that Ermakov had been detained.

Additionally, Nikita Kislitsin, a former F.A.C.C.T. security head, was extradited from Kazakhstan to Russia, adding another layer to the ongoing cybersecurity saga involving Russia. Kislitsin, a significant figure in Russia’s hacking circles, has drawn attention from US authorities. In 2013, he became associated with Group-IB, a cybersecurity firm established by Ilya Sachkov. However, Sachkov has since faced legal repercussions, receiving a 14-year prison sentence from a Moscow court on charges of treason.